[Discuss] deadmanish login?
Jerry Feldman
gaf.linux at gmail.com
Wed Feb 1 06:45:10 EST 2017
On 01/31/2017 01:56 PM, Kent Borg wrote:
> On 01/31/2017 11:30 AM, Grant NAPC wrote:
>> I think it's better to train them how to create those passwords on
>> their own and then require them to change them so that should they
>> reuse them elsewhere then they are only a concern for 90 days or
>> whatever.
>
> I am not saying that forcing a password on users is good--I am
> undecided...
>
> The problem with rotating passwords is how in hell to manage them.
> Once upon a time, when hardly anyone had a password and those who did
> had but a single password, it was easy. But now there are a lot.
>
> As a practical matter, how do you expect users to know their new
> password if you make them change it every few weeks? Serious question.

Most businesses force password changes on their employees periodically,
usually every 90 days. They also force standards like 8 characters, at
least 1 lower and upper case and 1 number. I personally use LastPass to
generate my random passwords with 12 characters. I personally prefer
using RSA keys.
--
Jerry Feldman <gaf.linux at gmail.com>
Boston Linux and Unix http://www.blu.org
PGP key id:B7F14F2F
PGP Key fingerprint: D937 A424 4836 E052 2E1B 8DC6 24D7 000F B7F1 4F2F